[57] ABSTRACT

A method for encrypting wide-bandwidth video, using a first
processor for encrypting the video and a second processor
for decrypting the video. Data is taken in blocks. A block of
data is scrambled to generate scrambled data, then
partitioned into a first portion and a second portion. A global key
is generated at the first processor and the second processor,
using public key technology. At the first processor, the
global key is exclusively-ORed with the first portion,
thereby generating an encrypted first portion. At the first
processor, a random number is generated from the first
portion and exclusively-ORed with the second portion to
generate an encrypted second portion. At the second
processor, the global key is exclusively-ORed with the
encrypted first portion. At the second processor, the random
number is recovered from the decrypted first portion and
exclusively-ORed with the encrypted second portion to
decrypt it. The scrambled data are descrambled, thereby
recovering the data.

22 Claims, 3 Drawing Sheets 

SYSTEM FOR ENCRYPTION OF
PARTITIONED DATA BLOCKS UTILIZING 
PUBLIC KEY METHODS AND RANDOM 
NUMBERS 

RELATED PATENTS 

This invention is related to U.S. Pat. No. 4,200,770 
entitled "CRYPTOGRAPHIC APPARATUS AND 
METHOD", to W. Diffie and M. E. Hellman, Apr. 29, 1980; 
U.S. Pat. No. 4,405,829 entitled "CRYPTOGRAPHIC 
COMMUNICATIONS SYSTEM AND METHOD", to R. 
Rivest, A. Shamir and L. Adleman, Sep. 20, 1983; and, U.S. 
Pat. No. 4,424,414, entitled "EXPONENTIATION
CRYPTOGRAPHIC APPARATUS AND METHOD", to S. C.
Pohlig and M. E. Hellman, which are all incorporated herein 
by reference. 

BACKGROUND OF THE INVENTION 

This invention relates to encryption, and more particularly 
to an efficient method for encrypting wide bandwidth video, 
with the security of public key technology. 

DESCRIPTION OF THE RELEVANT ART 

Advances in modern state-of-the-art telecommunications 
technologies including personal computers, local area 
networks, distributed data bases, pocket radio, satellite 
teleconferencing, electronic mail, and electronic funds 
transfer, have stimulated an increased awareness of the 
vulnerability of communications links to interception and of 
the susceptibility of databases to exploitation and tampering. 
This same telecommunications revolution has made wide- 
spread the availability of technology for implementing tech- 
niques which can provide authenticated communications 
that also can be made secure against eavesdropping or 
tampering. 

Primary users of a secure network of communicators 
include the banking community which has a need for 
ensuring that funds, electronically transferred, are sent
correctly: a message authentication problem. Similarly, the
stocks and securities community, which operates on a com- 
puter network, has a requirement that the buying and selling 
of stocks be authentically sent to and from the correct 
person. 

Communicators increasingly are becoming aware of com- 
munications privacy and security. A technical solution, for 
providing security against both eavesdropping and the injec- 
tion of illegitimate messages, includes cryptography. Two 
generic approaches to key distribution are classical
cryptographic techniques and public key cryptographic techniques.
Classical cryptography requires that, for ensuring secure 
communications, communicators must have keys that are 
identical. The encryption key is used to "lock" or secure the 
messages and a receiver must have an identical key to 
"unlock" or decrypt the messages. A problem arises with key 
distribution in a large network of communicators who wish 
to communicate with each other securely. 

A major problem with classical cryptographic techniques 
is key distribution in a large network which requires
n(n-1)/2 keys for n nodes. For example, a message, M, which is
encrypted with an encryption key E^, into a cipher text, C, 
requires that the key be distributed over a private channel to 
the receiver. This requirement includes the generating, 
storing, distributing, destructing and archiving of key vari- 
ables which are essential elements of encipherment. 
Typically, a courier is responsible for distributing the keys 
over the private channel. For a large network of
communicators, this requires a courier to distribute the key
to many users. Further, if all communicators in the network
were using the same key, and if the key were compromised
by any one communicator, then the whole network is
compromised.

The Data Encryption Standard (DES) could be used with
a commonly generated global key, where the global key is
generated using public key cryptographic techniques. The
DES implemented in software is inefficient due to its
complicated algorithm, and time consuming in performing
calculations for each block of data. For wide bandwidth data,
as would be used with video, the time requirement with DES
is undesirable.

The advent of inexpensive electronics hardware has
facilitated means for providing the security of communications.
In computer communications networks in particular, public
key cryptography, which may be viewed as a multiple access
cryptographic technique, provides a relatively inexpensive
means for distributing keys among communicators and
ensuring communications privacy and message authentication
in comparison to conventional cryptographic techniques.

SUMMARY OF THE INVENTION 

A general object of the invention is encrypting wide
bandwidth, as might be used for video, with an efficient
method, while achieving the level of security attributed to
public key systems.

According to the present invention, as embodied and
broadly described herein, a method, using a first processor
located at a first user and a second processor located at a
second user, for encrypting and decrypting data is provided.
The data have a plurality of blocks. The first user has a first
secret key, and a first public key generated from the first
secret key. The second user has a second secret key, and a
second public key generated from the second secret key.

For secure communications between the first user and the
second user, the method comprises the steps, at the first user
using the first processor, of generating a global key from the
second public key and the first secret key and, for each block
of data, scrambling the block of data, thereby generating a
block of scrambled data. The method includes partitioning
the block of scrambled data into a first portion and a second
portion, thereby generating a block of scrambled data having
a first portion and a second portion. The method includes the
step of generating a random number, using an algorithm in
the first processor, from the first portion of the block of
scrambled data. The method further includes the steps of
combining the second portion of the block of scrambled data
with the random number to generate a scrambled second
portion, and combining the global key with the first portion
of the block of scrambled data to generate a scrambled first
portion, thereby generating encrypted data comprising the
scrambled second portion concatenated with the scrambled
first portion. The encrypted data are sent from the first
processor to the second processor.

At the second user, using the second processor, the
method comprises the steps of generating the global key
from the first public key and the second secret key, and
combining the global key with the scrambled first portion to
generate the first portion. The random number is generated
from the first portion. The method further includes the steps
of combining the random number with the scrambled second
portion, thereby generating the second portion, and
descrambling the block of scrambled data comprising the first
portion and the second portion, thereby generating the block
of data.

Additional objects and advantages of the invention are set
forth in part in the description which follows, and in part are 
obvious from the description, or may be learned by practice 
of the invention. The objects and advantages of the invention 
also may be realized and attained by means of the instru- 
mentalities and combinations particularly pointed out in the 
appended claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying drawings, which are incorporated in 
and constitute a part of the specification, illustrate preferred 
embodiments of the invention, and together with the 
description serve to explain the principles of the invention. 

FIG. 1 is a video encryption block diagram; 

FIG. 2 illustrates random seed and global key creation; 
and 

FIG. 3 is a block diagram of a logic element implementing 
an algorithm for generating a random number. 

DETAILED DESCRIPTION OF THE 
PREFERRED EMBODIMENTS 

Reference now is made in detail to the present preferred 
embodiments of the invention, examples of which are illus- 
trated in the accompanying drawings. 

The present invention provides a new and novel method 
for encrypting broadband data to be communicated between 
a first user and a second user. The first user has a first 
processor and the second user has a second processor. The 
data are assumed to have a plurality of blocks. The first user 
has a first secret key and a first public key; the first public 
key is generated from the first secret key. The second user 
has a second secret key and a second public key; the second 
public key is generated from the second secret key. The first 
public key and the second public key are generally available
to all users. The first secret key is secret and known to the 
first user, but not to other users. The second secret key is 
secret and known to the second user, but not to other users. 

Referring to FIG. 1, the data typically are compressed 11 
at the video input. At the first user, using the first processor, 
the method comprises the steps of generating 13 a global key 
from the second public key and the first secret key. What are 
generally known as public key algorithms or technology, are 
used to generate a respective public key from a secret key. 
Public key algorithms are disclosed in U.S. Pat. No. 4,200, 
770, by way of example. The global key need not be 
generated using a public key algorithm. Instead, the global 
key may be distributed or hand delivered by a courier. Using 
a public key algorithm, however, is a preferred method for 
obtaining a global key at each user. 

The method includes scrambling 12, for each block of
data and using the first processor, a block of the data. This
produces a block of scrambled data. Many algorithms may
be used for the scrambling. For example, each block is
assumed to have a multiplicity of sub-blocks. The
multiplicity of sub-blocks, as shown in FIG. 1, for a block of data
having 512 bits, may be 16 sub-blocks of 32 bits per
sub-block. The multiplicity of sub-blocks (D0, D1, D2 . . . ),
as shown in FIG. 2, can be exclusively-XORed to generate
a block of scrambled data. The first sub-block of data is not
altered. The second sub-block of data is exclusively-XORed
with the first sub-block of data. The third sub-block of data
is exclusively-XORed with the first sub-block of data and
the second sub-block of data, or equivalently, the third
sub-block is exclusively-XORed with the previously
exclusively-XORed result. The subsequent sub-blocks of
data are similarly generated.

The scrambling need not be accomplished using
sub-blocks of data and, alternatively, may be performed on a
bit-by-bit basis. A key to the scrambling is that the mapping
of the block of data to the block of scrambled data is
one-to-one, or substantially one-to-one. With the one-to-one
requirement being met, the scrambling may use a hashing
function, or even a simple cipher, such as a Caesar cipher. If
a simple cipher were used for the scrambling, then the key
to the simple cipher may be passed in the header. The key for
the simple cipher need not be secret.

The block of scrambled data is partitioned into a first 
portion and a second portion. This generates a block of 
scrambled data having the first portion and the second 
portion. In FIG. 2, the first portion is shown as the last 448 


The method further includes generating 14 a random
number, using an algorithm in the first processor, from the
first portion of the block of scrambled data. A random
number is generated each time a block of data is inputted
into the processor. Thus, since the first portion can have a
different number or different data, the random number is
different for each block of data.

FIG. 3 shows, by way of example, that the algorithm may
be implemented with a plurality of shift registers, which are
coupled to a plurality of logic gates. In FIG. 3, seven linear
feedback shift registers LFSR1, LFSR2, LFSR3, LFSR4,
LFSR5, LFSR6, LFSR7 are shown. These shift registers
store the first portion. Each of the linear feedback shift
registers is loaded with the bits from the first portion of the
block of scrambled data. In FIG. 3, the outputs of the first
and second linear feedback shift register LFSR1, LFSR2 are
coupled to a first exclusive-OR gate 21. The outputs of the
third and fourth linear feedback shift registers LFSR3,
LFSR4 are coupled to a second exclusive-OR gate 22. The
outputs of the fifth, sixth and seventh linear feedback shift
registers LFSR5, LFSR6, LFSR7 are coupled to a third
exclusive-OR gate 23. The outputs of the first exclusive-OR
gate 21, of the second exclusive-OR gate 22 and of the third
exclusive-OR gate 23 are coupled to an AND gate 25. The
output of the AND gate 25, and an output of the first linear
feedback shift register LFSR1, the second linear feedback
shift register LFSR2, the third linear feedback shift register
LFSR3, the fourth linear feedback shift register LFSR4, the
fifth linear feedback shift register LFSR5, the sixth linear
feedback shift register LFSR6, and the seventh linear
feedback shift register LFSR7 are coupled to a fourth
exclusive-OR gate 24. The random number is present at the output of
the fourth exclusive-OR gate 24. The combination of logic
elements shown in FIG. 3 is representative, and other
combinations may be used to generate a random number.

The steps of the method further include, using the first
processor, combining 15 the second portion of the block of
scrambled data with the random number to generate a
second scrambled portion. The step of combining the second
portion of the block of scrambled data with the random
number, as illustrated in FIG. 2, may be embodied by
exclusive-ORing the second portion of the block of
scrambled data with the random number. The common
secret number or global key is then combined 16 with the
first portion of the block of scrambled data to generate a first
scrambled portion. The step of combining 16 the global key
with the first portion of the block of scrambled data may be
embodied by exclusive-ORing the global key with the first
portion of the block of scrambled data. The steps of
combining the second portion of the block of scrambled data
with the random number and combining the first portion of
the block of scrambled data with the global key generate
encrypted data. The encrypted data includes the scrambled
second portion concatenated with the scrambled first
portion. The encrypted data are sent from the first processor to
the second processor, typically over a communications
channel.

At the second user, using the second processor, the 
method includes generating the global key from the first 
public key and the second secret key. Again, the first public 
key, as with the second public key and all public keys, is 
assumed to be generally available to the public. The secret 
key which, in this instance, is the second secret key, is secret 
to the second user and not known to the other users. 

The method includes combining the global key with the 
scrambled first portion to generate the first portion of the 
block of scrambled data. The step of combining the global 
key with the scrambled first portion may be embodied by 
exclusive-ORing the global key with the scrambled first
portion. The method further includes generating the random 
number from the first portion and combining the random 
number with the scrambled second portion to generate the 
second portion of the block of scrambled data. The algo- 
rithm used at the first processor to generate the random 
number from the first portion of the block of scrambled data 
is used at the second processor. Inserting the first portion of 
the block of scrambled data into the combination of ele- 
ments shown in FIG. 3, by way of example, produces the 
same random number as was produced at the first processor. 
The step of combining the random number with the 
scrambled second portion may be embodied by
exclusive-ORing the random number with the scrambled second
portion. The block of scrambled data, having the first portion 
and the second portion, is descrambled to generate the block 
of data. 
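
The block procedure described above, as an added example that is not part of the patent text. Assumptions not on the page: the second portion is the first 64 bits and the first portion the last 448 bits (the page's sentence on this breaks off), the global key is as long as the first portion, each of the seven registers is a 64-bit LFSR with arbitrarily chosen taps, and the key and blocks are constructed sample values. The last function shows that, because one global key is XORed into every block, it cancels when two encrypted first portions are XORed together.

```python
import hashlib

BLOCK_LEN = 64                       # 512-bit block (from the page)
SUB_LEN = 4                          # 16 sub-blocks of 32 bits (from the page)
SECOND_LEN = 8                       # assumption: second portion = first 64 bits
FIRST_LEN = BLOCK_LEN - SECOND_LEN   # assumption: first portion = last 448 bits
LFSR_BITS = 64                       # assumption: seven 64-bit registers hold the 448 bits
TAPS = (0, 1, 3, 4)                  # assumption: feedback taps are not given on the page


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def scramble(block):
    """Running XOR over sub-blocks: S0 = D0, Si = Di XOR S(i-1)."""
    out, prev = [], bytes(SUB_LEN)
    for i in range(0, BLOCK_LEN, SUB_LEN):
        prev = xor_bytes(block[i:i + SUB_LEN], prev)
        out.append(prev)
    return b"".join(out)


def descramble(scrambled):
    """Inverse of scramble: D0 = S0, Di = Si XOR S(i-1)."""
    out, prev = [], bytes(SUB_LEN)
    for i in range(0, BLOCK_LEN, SUB_LEN):
        cur = scrambled[i:i + SUB_LEN]
        out.append(xor_bytes(cur, prev))
        prev = cur
    return b"".join(out)


def lfsr_step(state):
    """Clock one register; return (output bit, next state)."""
    fb = 0
    for t in TAPS:
        fb ^= (state >> t) & 1
    return state & 1, (state >> 1) | (fb << (LFSR_BITS - 1))


def random_number(first, nbits=SECOND_LEN * 8):
    """FIG. 3 gate network fed by seven LFSRs loaded from the first portion."""
    regs = [int.from_bytes(first[i:i + 8], "big") for i in range(0, FIRST_LEN, 8)]
    value = 0
    for _ in range(nbits):
        bits = []
        for k in range(7):
            bit, regs[k] = lfsr_step(regs[k])
            bits.append(bit)
        g21 = bits[0] ^ bits[1]              # exclusive-OR gate 21
        g22 = bits[2] ^ bits[3]              # exclusive-OR gate 22
        g23 = bits[4] ^ bits[5] ^ bits[6]    # exclusive-OR gate 23
        g24 = g21 & g22 & g23                # AND gate 25 ...
        for bit in bits:                     # ... XORed with all seven outputs (gate 24)
            g24 ^= bit
        value = (value << 1) | g24
    return value.to_bytes(nbits // 8, "big")


def encrypt_block(block, key):
    if len(block) != BLOCK_LEN or len(key) != FIRST_LEN:
        raise ValueError("need a 64-byte block and a 56-byte key")
    s = scramble(block)
    second, first = s[:SECOND_LEN], s[SECOND_LEN:]
    # Encrypted data: scrambled second portion, then scrambled first portion.
    return xor_bytes(second, random_number(first)) + xor_bytes(first, key)


def decrypt_block(ct, key):
    if len(ct) != BLOCK_LEN or len(key) != FIRST_LEN:
        raise ValueError("need a 64-byte block and a 56-byte key")
    first = xor_bytes(ct[SECOND_LEN:], key)
    second = xor_bytes(ct[:SECOND_LEN], random_number(first))
    return descramble(second + first)


def first_portion_xor(ct_a, ct_b):
    """XOR of two encrypted first portions; the shared global key cancels out."""
    return xor_bytes(ct_a[SECOND_LEN:], ct_b[SECOND_LEN:])


# Constructed sample values: a stand-in for the global key and two data blocks.
KEY = hashlib.sha512(b"constructed global key").digest()[:FIRST_LEN]
BLOCK_A = bytes(range(BLOCK_LEN))
BLOCK_B = bytes(255 - i for i in range(BLOCK_LEN))

if __name__ == "__main__":
    ct_a, ct_b = encrypt_block(BLOCK_A, KEY), encrypt_block(BLOCK_B, KEY)
    print("round trip ok:", decrypt_block(ct_a, KEY) == BLOCK_A)
    expected = xor_bytes(scramble(BLOCK_A)[SECOND_LEN:], scramble(BLOCK_B)[SECOND_LEN:])
    print("key cancels across blocks:", first_portion_xor(ct_a, ct_b) == expected)
```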

The present invention also includes a system for encrypt- 
ing and decrypting data. The data are assumed to have a 
plurality of blocks. The first user has a first secret key and 
a first public key; the first public key is generated from the 
first secret key. The second user has a second secret key and 
a second public key; the second public key is generated from 
the second secret key. The system includes a first processor 
which is located at the first user and a second processor 
which is located at the second user. 

The first processor generates a global key from the second 
public key and the first secret key. The first processor 
scrambles and partitions a block of data to generate a block 
of scrambled data having a first portion and a second 
portion. The first processor generates a random number,
using an algorithm in the first processor, from the first 
portion of the block of scrambled data. The first processor 
combines the second portion of the block of scrambled data 
with a random number to generate a second scrambled 
portion, and combines the global key with the first portion 
of the block of scrambled data to generate a first scrambled 
portion. The resulting encrypted data comprises the 
scrambled second portion concatenated with the scrambled 
first portion. 

The second processor generates the global key from the 
first public key and the second secret key. The second
processor combines the global key with the scrambled first 
portion, to generate the first portion. The first portion is not 
encrypted. The second processor generates the random num- 
ber from the first portion and combines the random number 
with the scrambled second portion, to generate the second 
portion. The first portion is not encrypted. The second 
processor descrambles the block of scrambled data having 
the first portion and the second portion, to generate the block 
of data, which is not scrambled. The first processor may
combine the second portion of the block of scrambled data
with the random number by exclusive-ORing the second
portion of the block of scrambled data with the random
number. Similarly, the first processor may combine the
global key with the first portion of the block of scrambled
data by exclusive-ORing the global key with the first portion
of the block of scrambled data.

The second processor may combine the global key with
the scrambled first portion by exclusive-ORing the
global key with the scrambled first portion. The second
processor also may combine the random number with the
scrambled second portion by exclusive-ORing the random
number with the scrambled second portion.


Public Key Cryptographic Concepts 

Public key cryptographic systems are based on the
trap-door one-way function. Consider first, the concept of a
one-way function. A one-way function is an easily computed
function whose inverse is computationally infeasible to find.
That is, for a Y=f(X), given an X, Y is easy to compute.
However, given a Y, X is difficult to compute.

The Diffie-Hellman public key cryptographic system is
based on exponentiation of number p, in a Galois field,
GF(p).

The basic computations for the Diffie-Hellman public key
encryption are as follows:

ENCRYPTION: Y = X^E modulo p

DECRYPTION: X = Y^D modulo p

X, Y are integers < p.

where X is the plain-text, Y is the ciphertext, E is the secret
encryption exponent and D is the secret decryption
exponent.

A key management system based on the work of
Diffie-Hellman and Hellman-Pohlig, and independently on the
work of Merkle, is two pronged: first, a common secret
number is established between two communicators, without
either communicator having exchanged any secret
information. Second, this common secret number is then used as a
key in conventional cryptographic systems, for example,
employing the Data Encryption Standard (DES), for
enciphering messages.

The security of the Diffie-Hellman system rests on the
difficulty of performing discrete logarithms in the finite field,
denoted GF(p), of integers modulo p, a very large prime
number. A basic conjecture is that exponentiation in GF(p)
is a one-way function for a large prime number p. Given
integers X and N, the equation Y=X^N modulo p is easy to
compute, where 0<X<p. Given Y and X, N is hard to
compute in the above equation, because taking a discrete
logarithm is computationally hard, N=log_X(Y), in GF(p). For
the best known algorithm for finding discrete logarithms,
GF(p), the discrete logarithm on a Cray machine is believed
to be impractical to compute when p is a 1000-bit prime
number. In contrast, the exponentiation takes a fraction of a
second to compute, GF(p). Encryption and decryption are
both to be done with exponentiation.

For example, an encryption exponent E and decryption
exponent D can be derived using Euler's Theorem from
number theory to satisfy

D*E = 1 modulo (p-1)

This is a necessary relationship for D to be the exponential
inverse of E; that is, (X^E)^D = X modulo p. This relationship
can be used to encrypt a message X, an integer less than p,
by the exponentiation operation,

Y=X^E modulo p

and to decrypt this message by another exponentiation
operation,

X=Y^D modulo p.

Here E and D are kept secret and E can be obtained easily
from D and vice versa. Given p, X, and Y satisfying the
above two equations, the secret encryption exponent E, for
a large prime number p, is computationally difficult to find,
due to the difficult problem of taking discrete logarithms in
GF(p). For a prime number p of 512 bits, a discrete
logarithm is estimated to be many times more difficult to perform
than a brute force attack on the DES algorithm.

An important property of the encryption and decryption
function based on exponentiation in GF(p) is the
commutative property where

(X^E1 modulo p)^E2 modulo p = (X^E2 modulo p)^E1 modulo p.

This property allows two communicators in a network,
hypothetically terminal A and terminal B, to share a secret
number by only exchanging non-secret numbers.

Assume the entire network has fixed known constants, not
necessarily secret:

p=prime number

and a is any integer between 0 and p-1.

For terminal A and terminal B to obtain a shared secret
number, terminal A randomly generates a secret number,

X_A=terminal A's secret number,

and computes a corresponding public number,

Y_A=a^X_A modulo p.

Terminal B also randomly generates a secret number,

X_B=terminal B's secret number,

and computes a corresponding public number,

Y_B=a^X_B modulo p.

For a large prime number, the secret numbers, for all
practical purposes, are impossible to obtain from the public
numbers.

Terminal A and terminal B can share a secret number that
is unique to them while only exchanging non-secret public
numbers. Specifically, suppose terminal A sends his public
number, Y_A, to terminal B while terminal B sends his public
number, Y_B, to terminal A. By the commutative property,
terminal A can compute

Z=Y_B^X_A modulo p

while terminal B can compute the same number by

Z=Y_A^X_B modulo p.

Next terminal A and terminal B compute Z*, the reciprocal
of Z, such that

Z·Z*=1 modulo (p-1).

In a particular Diffie-Hellman system the prime number p is
chosen to satisfy

where q is a prime number. Then if Z were an odd integer,
then

Z*=[...] modulo (p-1)

which is another exponentiation. If Z were not an odd
number, then terminal A and terminal B first can convert Z
to an odd number and then compute Z*.

The shared secret number Z and Z* are used by terminal
A and terminal B as a global key to encrypt and decrypt
messages where E=Z is the encryption exponent and D=Z*
is the decryption exponent. For most encrypted network
applications, terminal A and terminal B would exchange
encryption keys from conventional encryptors using Z and
Z*. This is because encryption with exponentiation may be
[...] networks.

[...] terminal A and terminal B to contribute
independent random bits to the generation of keys may be
desirable. For example, terminal A and terminal B can
independently generate random bits to form messages which
they exchange securely using Z and Z* as shown. The final
encryption keys can then be some function of these
independently and randomly generated bit sequences such as
taking bit by bit modulo 2 addition of the two bit sequences.
Another possibility is for terminal A and terminal B to
independently generate new secret and public numbers,
exchange these public numbers, compute a new shared
[...] secret number Z to form secret encryption keys. For
example, keys might be of the form M=ZS modulo p.

RSA System

RSA is a public key encryption technique invented by
Rivest, Shamir, and Adleman, and disclosed in U.S. Pat. No.
4,405,829. The security of the RSA system rests on the
difficulty of factoring integers into their prime components.
As with the Diffie-Hellman system, encryption and
decryption are both done with exponentiation. In the RSA
system, however, the modulus is not a prime number as in
the Diffie-Hellman technique. Instead, the modulus is a
product of two secret prime numbers and, for security, the
modulus must be unique to each user in the network.

Using the RSA system, terminal A and terminal B can
exchange secret messages by first exchanging non-secret
public numbers. Terminal B first randomly generates two
large secret prime numbers,

(p_B, q_B)=terminal B's secret prime numbers,

a secret decryption exponent,

D_B=terminal B's secret decryption exponent,

and a non-secret public encryption exponent,

E_B=terminal B's public encryption exponent

which satisfies

E_B*D_B=1 modulo [(p_B-1)(q_B-1)].

In general, to obtain D_B from E_B, one would have to know
the prime numbers p_B and q_B. Hence, without knowledge of
terminal B's secret prime numbers, knowing the public
encryption exponent E_B does not reveal the decryption
exponent D_B. In order for the RSA system to be "strong",
[...] numbers p-1 and q-1 should have large prime
factors.

For terminal A to send a secret message to terminal B,
terminal B must send to terminal A his public numbers

N_B=p_B q_B, and E_B.

Then terminal A can send the message X by
exponentiation,

Y=X^E_B modulo N_B.

Only terminal B can decrypt this message by similar
exponentiation with his secret decryption exponent,

X=Y^D_B modulo N_B.

In addition, terminal B can send a certified non-secret
message M to terminal A by sending,

C=M^D_B modulo N_B

with which terminal A can obtain M from

M=C^E_B modulo N_B

since terminal A knows terminal B's public numbers. In fact,
anyone that has terminal B's public numbers can obtain the
message M from C. Only terminal B, however, could have
computed C from M. Upon converting C to M, terminal A
or anyone else who has terminal B's public numbers knows
that the message M came from terminal B. Thus, the
message M has been signed (authenticated or certified) by
terminal B in this procedure. Terminal A also can randomly
generate secret prime numbers,

(p_A, q_A)=terminal A's secret prime numbers,

a secret decryption exponent,

D_A=terminal A's secret decryption exponent,

and a non-secret public encryption exponent,

E_A=terminal A's public encryption exponent,

which satisfies (using Euler's Theorem)

E_A*D_A=1 modulo [(p_A-1)(q_A-1)].

If terminal A and terminal B were to exchange their public 
numbers then they can exchange secret signed messages in 
both directions. For a network of encryptors, these secret 
messages are typically keys for conventional encryptors. 

Note that in the RSA technique, every user in the system
must have a distinct composite number made up of two large
prime numbers; in the Diffie-Hellman technique, by
contrast, a single prime number suffices for the entire
network. This latter technique simplifies the computations
for encryption and decryption since all the users in the
network perform their computations modulo a single
number, p.
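
The Diffie-Hellman exchange and the Z, Z* exponent pair described above, as an added example that is not part of the patent text. The prime, base, secret numbers and message are constructed demo values, and stepping Z past odd values until it is invertible modulo p-1 is an assumption needed for a general prime (the page only says Z is converted to an odd number).

```python
from math import gcd

P = 2**127 - 1   # constructed parameter: a known Mersenne prime, chosen for the demo
A = 3            # constructed base, an integer between 0 and p-1


def public_number(secret):
    """Y = a^X modulo p."""
    return pow(A, secret, P)


def shared_secret(their_public, my_secret):
    """Z = Y_other^X_mine modulo p; both terminals arrive at the same Z."""
    return pow(their_public, my_secret, P)


def make_invertible(z):
    """Convert Z to an odd number, then keep stepping (assumption) until
    it has a reciprocal modulo p-1."""
    z |= 1
    while gcd(z, P - 1) != 1:
        z += 2
    return z


def exponent_pair(z):
    """Return (E, D) with E = Z and D = Z*, where E*D = 1 modulo (p-1)."""
    e = make_invertible(z)
    return e, pow(e, -1, P - 1)


def encrypt(x, e):
    """Y = X^E modulo p for a message X with 0 < X < p."""
    if not 0 < x < P:
        raise ValueError("message must be an integer between 0 and p")
    return pow(x, e, P)


def decrypt(y, d):
    """X = Y^D modulo p."""
    return pow(y, d, P)


# Constructed secret numbers for terminal A and terminal B.
X_A = 0x1F3D5B79A1C3E5F70911
X_B = 0x2468ACE013579BDF4321
Y_A, Y_B = public_number(X_A), public_number(X_B)

# Each terminal combines the other's public number with its own secret.
Z_AT_A = shared_secret(Y_B, X_A)
Z_AT_B = shared_secret(Y_A, X_B)

MESSAGE = int.from_bytes(b"constructed msg", "big")

if __name__ == "__main__":
    e, d = exponent_pair(Z_AT_A)
    print("same Z at both terminals:", Z_AT_A == Z_AT_B)
    print("E*D = 1 modulo (p-1):", (e * d) % (P - 1) == 1)
    print("round trip ok:", decrypt(encrypt(MESSAGE, e), d) == MESSAGE)
```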

It will be apparent to those skilled in the art that various 
modifications can be made to the video encryption system 
and method of the instant invention without departing from 
the scope or spirit of the invention, and it is intended that the 
present invention cover modifications and variations of the 
video encryption system and method provided they come 
within the scope of the appended claims and their equiva- 
lents. 

I claim: 

1. A method, using a first processor at a first user and a 
second processor at a second user, for encrypting and 
decrypting data having a plurality of blocks, with each block 
having a multiplicity of sub-blocks, with the first user having 
a first secret key and a first public key generated from the 
first secret key, and with the second user having a second 
secret key and a second public key generated from the 
second secret key, comprising the steps of: 

generating, using the first processor, a global key from the
second public key and the first secret key;

scrambling, for each block of data, using the first
processor, the multiplicity of sub-blocks by
exclusive-ORing sequential sub-blocks of the data, and
partitioning each block of scrambled data into a first portion and
a second portion, thereby generating a block of
scrambled data having the first portion and the second
portion;

generating a random number, using an algorithm in the 
first processor, from the first portion of the block of 
scrambled data;

exclusive-ORing, using the first processor, the second 
portion of the block of scrambled data with the random 
number to generate a scrambled second portion and 
exclusive-ORing, using the first processor, the global 
key with the first portion of the block of scrambled data 
to generate a scrambled first portion, thereby generat- 
ing encrypted data comprising the scrambled second 
portion concatenated with the scrambled first portion; 

sending the encrypted data from the first processor to the 
second processor;

generating, using the second processor, the global key 
from the first public key and the second secret key;

exclusive-ORing, using the second processor, the global
key with the scrambled first portion, thereby generating 
the first portion; 

generating, using the second processor, the random num- 
ber from the first portion; 

exclusive-ORing, using the second processor, the random 
number with the scrambled second portion, thereby 
generating the second portion; and 

descrambling, at the second processor, the block of 
scrambled data comprising the first portion and the 
second portion, thereby generating the block of data. 

2. A method, using a first processor at a first user and a 
second processor at a second user, for encrypting and 
decrypting data having a plurality of blocks, with the first 
user having a first secret key and a first public key generated 
from the first secret key and with the second user having a 
second secret key and a second public key generated from 
the second secret key, comprising the steps of: 

generating, using the first processor, a global key from the 
second public key and the first secret key; 

scrambling, using the first processor, a block of data; 

partitioning the block of scrambled data into a first portion 
and a second portion, thereby generating a block of 
scrambled data having the first portion and the second 
portion; 

generating a random number, using an algorithm in the 
first processor, from the first portion of the block of 
scrambled data; 

combining, using the first processor, the second portion of 
the block of scrambled data with the random number to 
generate a scrambled second portion and combining, 
using the first processor, the global key with the first 
portion of the block of scrambled data to generate a 
scrambled first portion, thereby generating encrypted 
data comprising the scrambled second portion concat- 
enated with the scrambled first portion; 

sending the encrypted data from the first processor to the 
second processor; 

generating, using the second processor, the global key 
from the first public key and the second secret key; 

combining, using the second processor, the global key 
with the scrambled first portion, thereby generating the 
first portion; 

generating, using the second processor, the random num- 
ber from the first portion; 

combining, using the second processor, the random num- 
ber with the scrambled second portion, thereby gener- 
ating the second portion; and 

descrambling, using the second processor, the block of 
scrambled data comprising the first portion and the 
second portion, thereby generating the block of data. 

3. The method as set forth in claim 2 with the step of 
combining the second portion of the block of scrambled data 
with the random number including the step of exclusive- 
ORing the second portion of the block of scrambled data 
with the random number. 

4. The method as set forth in claim 2 with the step of 
combining the global key with the first portion of the block 
of scrambled data including the step of exclusive-ORing the 
global key with the first portion of the block of scrambled 
data. 

5. The method as set forth in claim 2 with the step of 
combining the global key with the scrambled first portion 
including exclusive-ORing the global key with the 
scrambled first portion.

6. The method as set forth in claim 2 with the step of
combining the random number with the scrambled second
portion including the step of exclusive-ORing the random
number with the scrambled second portion.

7. A method, using a first processor at a first user for 
encrypting data having a plurality of blocks, with the first 
user having a global key and with a second user having the 
global key, comprising the steps of: 

scrambling a block of the data and partitioning the block 
of scrambled data into a first portion and a second 
portion thereby generating a block of scrambled data 
having the first portion and the second portion; 

generating a random number, using an algorithm, from the 
first portion of the block of scrambled data; 

combining the second portion of the block of scrambled 
data with the random number to generate a scrambled 
second portion, and combining the global key with the 
first portion of the block of scrambled data to generate 
a scrambled first portion, thereby generating encrypted 
data comprising the scrambled second portion concat- 
enated with the scrambled first portion. 

8. The method as set forth in claim 7 with the step of 
combining the second portion of the block of scrambled data 
with the random number including the step of exclusive- 
ORing the second portion of the block of scrambled data 
with the random number. 

9. The method as set forth in claim 7 with the step of 
combining the global key with the first portion of the block 
of scrambled data including the step of exclusive-ORing the 
global key with the first portion of the block of scrambled 
data. 

10. The method, as set forth in claim 7, further using a 
second processor at a second user, for decrypting encrypted 
data having a plurality of blocks, comprising the steps, using 
the second processor, of: 

combining the global key with the scrambled first portion,
thereby generating the first portion;

generating the random number from the first portion;

combining the random number with the scrambled second
portion, thereby generating the second portion; and

descrambling the block of scrambled data comprising the
first portion and the second portion, thereby generating
the block of data.

11. The method as set forth in claim 10 with the step of 
combining the global key with the scrambled first portion 
including exclusive-ORing the global key with the 
scrambled first portion. 

12. The method as set forth in claim 10 with the step of 
combining the random number with the scrambled second 
portion including the step of exclusive-ORing the random 
number with the scrambled second portion. 

13. A system for encrypting and decrypting data having a 
plurality of blocks, with a first user having a first secret key 
and a first public key generated from the first secret key and 
with a second user having a second secret key and a second 
public key generated from the second secret key, compris- 
ing: 

a first processor, located at the first user, for generating a 
global key from the second public key and the first 
secret key, for scrambling and partitioning a block of 
the data, thereby generating a block of scrambled data 
having a first portion and a second portion, for gener- 
ating a random number from the first portion of the 
scrambled data using an algorithm, for combining the 
second portion of the block of scrambled data with the 
random number to generate a scrambled second
portion, and for combining the global key with the first
portion of the block of scrambled data to generate a
scrambled first portion, thereby generating encrypted
data comprising the scrambled second portion concat-
enated with the scrambled first portion; and

a second processor located at the second user, for gener-
ating the global key from the first public key and the
second secret key, for combining the global key with
the scrambled first portion, thereby generating the first
portion, for generating the random number from the
first portion, for combining the random number with
the scrambled second portion, thereby generating the
second portion, and for descrambling the block of
scrambled data having the first portion and the second
portion, thereby generating the block of data.

14. The system as set forth in claim 13 with the first 
processor combining the second portion of the block of 
scrambled data with the random number by exclusive- 
ORing the second portion of the block of scrambled data
with the random number.

15. The system as set forth in claim 13 with the first 
processor combining the global key with the first portion of 
the block of scrambled data by exclusive-ORing the global 
key with the first portion of the block of scrambled data. 

16. The system as set forth in claim 13 with the second
processor combining the global key with the scrambled first 
portion by exclusive-ORing the global key with the 
scrambled first portion. 

17. The system as set forth in claim 13 with the second
processor combining the random number with the scrambled
second portion by exclusive-ORing the random number with
the scrambled second portion.

18. A system for encrypting and decrypting data having a 
plurality of blocks, with a first user having a first secret key
and a first public key generated from the first secret key, and
with a second user having a second secret key and a second
public key generated from the second secret key, compris-
ing:

first means, located at the first user, for generating a global
key from the second public key and the first secret key,
said first means for scrambling and partitioning a block
of the data, thereby generating a block of scrambled
data having a first portion and a second portion, said
first means for generating a random number from the
first portion of the scrambled data using an algorithm,
said first means for combining the second portion of the
block of scrambled data with the random number to
generate a scrambled second portion, and said first
means for combining the global key with the first
portion of the block of scrambled data to generate a
scrambled first portion, thereby generating encrypted
data comprising the scrambled second portion concat-
enated with the scrambled first portion; and

second means located at the second user, for generating
the global key from the first public key and the second
secret key, said second means for combining the global
key with the scrambled first portion, thereby generating
the first portion, said second means for generating the
random number from the first portion, said second
means for combining the random number with the
scrambled second portion, thereby generating the sec-
ond portion, and said second means for descrambling
the block of scrambled data having the first portion and
the second portion, thereby generating the block of
data.

19. The system as set forth in claim 18 with the first means 
combining the second portion of the block of scrambled data
with the random number by exclusive-ORing the second
portion of the block of scrambled data with the random 
number. 

20. The system as set forth in claim 18 with the first means 
combining the global key with the first portion of the block
of scrambled data by exclusive-ORing the global key with 
the first portion of the block of scrambled data. 

21. The system as set forth in claim 18 with the second 
means combining the global key with the scrambled first
portion by exclusive-ORing the global key with the
scrambled first portion. 

22. The system as set forth in claim 18 with the second 
means combining the random number with the scrambled 
second portion by exclusive-ORing the random number with 
the scrambled second portion. 
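
The encrypt/decrypt round trip of claim 1, as an added Python example that is not part of the patent. The Diffie-Hellman parameters, the sub-block and portion sizes, the running-XOR scrambler, the choice of the block's tail as the "first portion", and SHAKE-256 as the random-number algorithm are all assumptions made for illustration.

```python
import hashlib
import secrets

P, G = 2**127 - 1, 3   # toy Diffie-Hellman modulus and base (constructed)
SUB, FIRST = 4, 16     # assumed sub-block and first-portion sizes, in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keypair():
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def global_key(their_public, my_secret):
    return pow(their_public, my_secret, P).to_bytes(FIRST, "big")

def scramble(block):
    # Assumed reading of "XORing sequential sub-blocks": a running XOR.
    out, prev = [], bytes(SUB)
    for i in range(0, len(block), SUB):
        prev = xor(prev, block[i:i + SUB])
        out.append(prev)
    return b"".join(out)

def descramble(data):
    out, prev = [], bytes(SUB)
    for i in range(0, len(data), SUB):
        out.append(xor(data[i:i + SUB], prev))
        prev = data[i:i + SUB]
    return b"".join(out)

def pad_from(first, n):
    # Stand-in for the claim's unspecified "algorithm": SHAKE-256 expander.
    return hashlib.shake_256(first).digest(n)

def encrypt_block(block, key):
    s = scramble(block)
    second, first = s[:-FIRST], s[-FIRST:]  # assumed split: tail is "first"
    return xor(second, pad_from(first, len(second))) + xor(first, key)

def decrypt_block(ct, key):
    first = xor(ct[-FIRST:], key)
    second = xor(ct[:-FIRST], pad_from(first, len(ct) - FIRST))
    return descramble(second + first)

def demo():
    (sa, pa), (sb, pb) = keypair(), keypair()
    ct = encrypt_block(bytes(range(64)), global_key(pb, sa))  # constructed block
    return decrypt_block(ct, global_key(pa, sb)) == bytes(range(64))
```

In this example the same global key is XORed into the first portion of every block, so XORing the last 16 bytes of two ciphertexts cancels the key and yields the XOR of the two scrambled first portions.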
